© 2010 Skybox Security, Inc.
Risk Modeling & Simulation - A behind-the-scenes look at how to prevent cyber attacks
Justin Coker
VP EMEA
Skybox Security [email protected]
+44 (0) 7831 691498
© 2010 Skybox Security, Inc. 04/10/2023
Skybox Security Inc.
Automated Security Risk and Compliance Management – US HQ
Founded in 2002, First clients 2004
Privately owned, financially stable
Predictive risk analysis based on network modelling and simulation technology
Largest deployment 300,000 nodes
Global 2000 – Financial, Critical National Infrastructure, Retail & Government
High Performers Choose Skybox
Skybox Security operates on a global basis with Fortune 2000 clients and government agencies in over 20 countries.
Banking, Financial Services & Insurance
Energy & Utilities
Government & Education
Pharmaceuticals & Chemicals
Retail
Information Technology
Services
Telecom
Losing Ground against Cyber Threats
• Complex Networks: More devices, high rate of change
• Rising Threats: 35M threats in McAfee 2009 database
• Less Time: Shorter time window to prevent attacks
• Too Many Vulnerabilities: Hard to find the 1-2% that expose critical risks
A Serious Reality Check
The number of attacks is now so large and their sophistication so great, that many organisations are having trouble determining which new threats and vulnerabilities pose the greatest risk and how resources should be allocated to ensure that the most probable and damaging attacks are dealt with first.
- SANS Top Cyber Security Risks report, Sept 2009
Source: http://www.sans.org/top-cyber-security-risks
Modeling and Simulation in Practice
• Identify risk of new threats before an attack
• Measure and track risk level for all critical assets
• Prioritize vulnerabilities based on the potential risk
• Optimize remediation work
• Uncover attack scenarios for proactive mitigation
Modeling the IT Battlefield
Critical assets
Attackers and access routes
Gaps in defences
Countermeasures!
The Battlefield
Enhanced Visibility
• Humans quickly process complex visual information
Fact: Bandwidth of human retinas calculated at approximately 8,960 kilobits per second!*
*Source: http://www.newscientist.com/article/dn9633-calculating-the-speed-of-sight, Univ of Pennsylvania, 2006
• Leverage a ‘Google Earth’ view to drill down on problem areas
• Speed internal communication through objective reference
Collect & Normalize Data
Creating a Model
Virtual Model for Analyzing Past, Current, and Future Exposures
Data sources: Scanner, IPS, Firewall, Load Balancer, Router, Alerts, Patch
Automated Collection
End-to-End Visibility
Create Situational Awareness
Move to a risk-based approach to security management
Identify the real threats & vulnerabilities affecting your organisation & answer key questions
Focus limited resources on protecting your valuable assets
Get ahead of the curve with proactive security management
Simulate Attacks...
Probable attack vector to Finance servers asset group
Connectivity path
Compare Remediation Options – Option 1...
Option 1: Prevent exploit with IPS signature in DMZ
Option 2...
Option 2: Modify access from DMZ to Finance servers
Option 3
Option 3: Patch the affected asset
Remediation is needed only for 1-2% of systems
• Correlate risk exposures, threats, vulnerabilities, and security controls
• Quantify holistic risk level
• Reduce remediation by >90%
• Optimize security plans
• Validate controls
• Save resources, time and budget
• Ensure policies reflect risk
No remediation required due to “compensating controls”
Find Weaknesses, Test Defences
Key Ingredients for Successful Risk Modelling
Network Modeling
Attack Simulation
Risk Metrics
What-if Analysis
Remediation Planning
Integrate into BAU
The Skybox Difference
Predictive analysis and network modelling pinpoints key risks
Fast results to make risk modeling and simulation an integral part of daily IT operations
Complete portfolio of IT risk and compliance management solutions
Proven in the most challenging networks in the world